openstack/octavia
Code Issues Proposed changes

[amphora-agent] add local net to routing table 1

Browse Source 
ensure local route is added to table 1 routing table to prevent
all traffic being routed through the default gateway

Change-Id: I32db9e6cc72d320c7ec393b77cef9a2d61a07d19
Story: 2002691
Task: 22716
(cherry picked from commit 1fa91ab0c9)
This commit is contained in:
CALIN Cristian Andrei 2018-06-18 16:06:47 +03:00 committed by Carlos Goncalves
parent 99319c2408
commit a99f70f7c7
7 changed files with 56 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
octavia/amphorae/backends/agent/api_server/osutils.py
View File

@ -100,6 +100,7 @@ class BaseOS(object):
broadcast=broadcast, broadcast=broadcast,
netmask=netmask, netmask=netmask,
gateway=gateway, gateway=gateway,
network=utils.ip_netmask_to_cidr(vip, netmask),
mtu=mtu, mtu=mtu,
vrrp_ip=vrrp_ip, vrrp_ip=vrrp_ip,
vrrp_ipv6=vrrp_version is 6, vrrp_ipv6=vrrp_version is 6,
@ -385,7 +386,7 @@ class RH(BaseOS):
self.write_static_routes_interface_file( self.write_static_routes_interface_file(
routes_interface_file_path, primary_interface, routes_interface_file_path, primary_interface,
render_host_routes, template_routes, gateway, vip) render_host_routes, template_routes, gateway, vip, netmask)
route_rules_interface_file_path = ( route_rules_interface_file_path = (
self.get_route_rules_interface_file(primary_interface)) self.get_route_rules_interface_file(primary_interface))
@ -393,11 +394,12 @@ class RH(BaseOS):
self.write_static_routes_interface_file( self.write_static_routes_interface_file(
route_rules_interface_file_path, primary_interface, route_rules_interface_file_path, primary_interface,
render_host_routes, template_rules, gateway, vip) render_host_routes, template_rules, gateway, vip, netmask)
def write_static_routes_interface_file(self, interface_file_path, def write_static_routes_interface_file(self, interface_file_path,
interface, host_routes, interface, host_routes,
template_routes, gateway, vip): template_routes, gateway,
vip, netmask):
# write static routes interface file # write static routes interface file
mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH mode = stat.S_IRUSR | stat.S_IWUSR | stat.S_IRGRP | stat.S_IROTH
@ -414,6 +416,7 @@ class RH(BaseOS):
interface=interface, interface=interface,
host_routes=host_routes, host_routes=host_routes,
gateway=gateway, gateway=gateway,
network=utils.ip_netmask_to_cidr(vip, netmask),
vip=vip, vip=vip,
) )
text_file.write(text) text_file.write(text)
@ -441,7 +444,7 @@ class RH(BaseOS):
self.write_static_routes_interface_file( self.write_static_routes_interface_file(
routes_interface_file_path, netns_interface, routes_interface_file_path, netns_interface,
host_routes, template_routes, None, None) host_routes, template_routes, None, None, None)
def bring_interfaces_up(self, ip, primary_interface, secondary_interface): def bring_interfaces_up(self, ip, primary_interface, secondary_interface):
if ip.version == 4: if ip.version == 4:

2
octavia/amphorae/backends/agent/api_server/templates/plug_vip_ethX.conf.j2
View File

@ -42,8 +42,10 @@ broadcast {{ broadcast }}
netmask {{ netmask }} netmask {{ netmask }}
# Add a source routing table to allow members to access the VIP # Add a source routing table to allow members to access the VIP
{%- if gateway %} {%- if gateway %}
post-up /sbin/ip {{ '-6 ' if vip_ipv6 }}route add {{ network }} dev {{ interface }} src {{ vip }} scope link table 1
post-up /sbin/ip {{ '-6 ' if vip_ipv6 }}route add default via {{ gateway }} dev {{ interface }} onlink table 1 post-up /sbin/ip {{ '-6 ' if vip_ipv6 }}route add default via {{ gateway }} dev {{ interface }} onlink table 1
post-down /sbin/ip {{ '-6 ' if vip_ipv6 }}route del default via {{ gateway }} dev {{ interface }} onlink table 1 post-down /sbin/ip {{ '-6 ' if vip_ipv6 }}route del default via {{ gateway }} dev {{ interface }} onlink table 1
post-down /sbin/ip {{ '-6 ' if vip_ipv6 }}route del {{ network }} dev {{ interface }} src {{ vip }} scope link table 1
{%- endif %} {%- endif %}
{%- for hr in host_routes %} {%- for hr in host_routes %}
post-up /sbin/ip {{ '-6 ' if vip_ipv6 }}route add {{ hr.network }} via {{ hr.gw }} dev {{ interface }} onlink table 1 post-up /sbin/ip {{ '-6 ' if vip_ipv6 }}route add {{ hr.network }} via {{ hr.gw }} dev {{ interface }} onlink table 1

1
octavia/amphorae/backends/agent/api_server/templates/rh_route_ethX.conf.j2
View File

@ -19,6 +19,7 @@
{%- endfor %} {%- endfor %}
# Add a source routing table to allow members to access the VIP # Add a source routing table to allow members to access the VIP
{%- if gateway %} {%- if gateway %}
{{ network }} dev {{ interface }} src {{ vip }} scope link table 1
default table 1 via {{ gateway }} dev {{ interface }} default table 1 via {{ gateway }} dev {{ interface }}
{%- endif %} {%- endif %}
{%- for hr in host_routes %} {%- for hr in host_routes %}

9
octavia/common/utils.py
View File

@ -78,6 +78,15 @@ def netmask_to_prefix(netmask):
return netaddr.IPAddress(netmask).netmask_bits() return netaddr.IPAddress(netmask).netmask_bits()
def ip_netmask_to_cidr(ip, netmask):
net = netaddr.IPNetwork("0.0.0.0/0")
if ip and netmask:
net = netaddr.IPNetwork(
"{ip}/{netmask}".format(ip=ip, netmask=netmask)
)
return "{ip}/{netmask}".format(ip=net.network, netmask=net.prefixlen)
class exception_logger(object): class exception_logger(object):
"""Wrap a function and log raised exception """Wrap a function and log raised exception

20
octavia/tests/functional/amphorae/backend/agent/api_server/test_server.py
View File

@ -1707,10 +1707,14 @@ class TestServerTestCase(base.TestCase):
'netmask 255.255.255.0\n' 'netmask 255.255.255.0\n'
'# Add a source routing table to allow members to ' '# Add a source routing table to allow members to '
'access the VIP\n' 'access the VIP\n'
'post-up /sbin/ip route add 203.0.113.0/24 '
'dev eth1 src 203.0.113.2 scope link table 1\n'
'post-up /sbin/ip route add default via 203.0.113.1 ' 'post-up /sbin/ip route add default via 203.0.113.1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip route del default via 203.0.113.1 ' 'post-down /sbin/ip route del default via 203.0.113.1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip route del 203.0.113.0/24 '
'dev eth1 src 203.0.113.2 scope link table 1\n'
'post-up /sbin/ip route add 203.0.114.0/24 ' 'post-up /sbin/ip route add 203.0.114.0/24 '
'via 203.0.113.5 dev eth1 onlink table 1\n' 'via 203.0.113.5 dev eth1 onlink table 1\n'
'post-down /sbin/ip route del 203.0.114.0/24 ' 'post-down /sbin/ip route del 203.0.114.0/24 '
@ -1804,10 +1808,14 @@ class TestServerTestCase(base.TestCase):
'netmask 255.255.255.0\n' 'netmask 255.255.255.0\n'
'# Add a source routing table to allow members to ' '# Add a source routing table to allow members to '
'access the VIP\n' 'access the VIP\n'
'post-up /sbin/ip route add 203.0.113.0/24 '
'dev eth1 src 203.0.113.2 scope link table 1\n'
'post-up /sbin/ip route add default via 203.0.113.1 ' 'post-up /sbin/ip route add default via 203.0.113.1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip route del default via 203.0.113.1 ' 'post-down /sbin/ip route del default via 203.0.113.1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip route del 203.0.113.0/24 '
'dev eth1 src 203.0.113.2 scope link table 1\n'
'post-up /sbin/ip rule add from 203.0.113.2/32 table 1 ' 'post-up /sbin/ip rule add from 203.0.113.2/32 table 1 '
'priority 100\n' 'priority 100\n'
'post-down /sbin/ip rule del from 203.0.113.2/32 table 1 ' 'post-down /sbin/ip rule del from 203.0.113.2/32 table 1 '
@ -2037,10 +2045,16 @@ class TestServerTestCase(base.TestCase):
'netmask 32\n' 'netmask 32\n'
'# Add a source routing table to allow members to access ' '# Add a source routing table to allow members to access '
'the VIP\n' 'the VIP\n'
'post-up /sbin/ip -6 route add 2001:db8::/32 '
'dev eth1 src 2001:0db8:0000:0000:0000:0000:0000:0002 '
'scope link table 1\n'
'post-up /sbin/ip -6 route add default via 2001:db8::1 ' 'post-up /sbin/ip -6 route add default via 2001:db8::1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip -6 route del default via 2001:db8::1 ' 'post-down /sbin/ip -6 route del default via 2001:db8::1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip -6 route del 2001:db8::/32 '
'dev eth1 src 2001:0db8:0000:0000:0000:0000:0000:0002 '
'scope link table 1\n'
'post-up /sbin/ip -6 route add 2001:db9::/32 via ' 'post-up /sbin/ip -6 route add 2001:db9::/32 via '
'2001:db8::5 dev eth1 onlink table 1\n' '2001:db8::5 dev eth1 onlink table 1\n'
'post-down /sbin/ip -6 route del 2001:db9::/32 ' 'post-down /sbin/ip -6 route del 2001:db9::/32 '
@ -2137,10 +2151,16 @@ class TestServerTestCase(base.TestCase):
'netmask 32\n' 'netmask 32\n'
'# Add a source routing table to allow members to access ' '# Add a source routing table to allow members to access '
'the VIP\n' 'the VIP\n'
'post-up /sbin/ip -6 route add 2001:db8::/32 '
'dev eth1 src 2001:0db8:0000:0000:0000:0000:0000:0002 '
'scope link table 1\n'
'post-up /sbin/ip -6 route add default via 2001:db8::1 ' 'post-up /sbin/ip -6 route add default via 2001:db8::1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip -6 route del default via 2001:db8::1 ' 'post-down /sbin/ip -6 route del default via 2001:db8::1 '
'dev eth1 onlink table 1\n' 'dev eth1 onlink table 1\n'
'post-down /sbin/ip -6 route del 2001:db8::/32 '
'dev eth1 src 2001:0db8:0000:0000:0000:0000:0000:0002 '
'scope link table 1\n'
'post-up /sbin/ip -6 rule add from ' 'post-up /sbin/ip -6 rule add from '
'2001:0db8:0000:0000:0000:0000:0000:0002/32 table 1 ' '2001:0db8:0000:0000:0000:0000:0000:0002/32 table 1 '
'priority 100\n' 'priority 100\n'

12
octavia/tests/unit/common/test_utils.py
View File

@ -48,3 +48,15 @@ class TestConfig(base.TestCase):
self.assertEqual(utils.netmask_to_prefix('255.255.0.0'), 16) self.assertEqual(utils.netmask_to_prefix('255.255.0.0'), 16)
self.assertEqual(utils.netmask_to_prefix('255.255.255.0'), 24) self.assertEqual(utils.netmask_to_prefix('255.255.255.0'), 24)
self.assertEqual(utils.netmask_to_prefix('255.255.255.128'), 25) self.assertEqual(utils.netmask_to_prefix('255.255.255.128'), 25)
def test_ip_netmask_to_cidr(self):
self.assertEqual('10.0.0.0/8',
utils.ip_netmask_to_cidr('10.0.0.1', '255.0.0.0'))
self.assertEqual('10.0.0.0/9',
utils.ip_netmask_to_cidr('10.0.0.1', '255.128.0.0'))
self.assertEqual('10.0.0.0/16',
utils.ip_netmask_to_cidr('10.0.0.1', '255.255.0.0'))
self.assertEqual('10.0.0.0/20',
utils.ip_netmask_to_cidr('10.0.0.1', '255.255.240.0'))
self.assertEqual('10.0.0.0/30', utils.ip_netmask_to_cidr(
'10.0.0.1', '255.255.255.252'))

5
releasenotes/notes/fix-route-table-b2ec0aa7b92d2abc.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixes an issue where VIP return traffic was always routed, if a gateway
was defined, through the gateway address even if it was local traffic.